The present invention relates to a relay apparatus and a terminal apparatus that are coupled to an authentication apparatus through a communication path, and to a communication method. In particular, the present invention can be suitably used for authentication of the relay apparatus and the terminal apparatus.
In a hierarchically constructed system, it is becoming more important to technically protect the system from attacks that cause an illegal device to participate in the system. For example, a vehicle equipped with an in-vehicle network is configured so that it can be coupled to an external authentication server through a gateway and can receive authentication for the vehicle. However, even when an illegal device is coupled to the in-vehicle network, it is necessary to protect the other authentic devices coupled to the in-vehicle network from attacks performed by the illegal device.
Japanese Unexamined Patent Application Publication (Translation of PCT Application) No. 2014-513349 discloses a method of providing a service by a machine to machine (M2M) device. The M2M device includes a transmitter that transmits a request for a first authentication, including authentication information, to a network security unit (NSEC) and a controller that performs the extensible authentication protocol (EAP) together with the transmitter. It further includes a key generator that generates a secret key by using at least one of a master session key (MSK) and the authentication information of the M2M device when the authentication has succeeded. Here, NSEC, which denotes the network security unit, is an abbreviation of network security capability, EAP is an abbreviation of extensible authentication protocol, and MSK is an abbreviation of master session key.
Japanese Unexamined Patent Application Publication No. Hei 11(1999)-088325 discloses an authentication system that can protect information from falsification and leakage by providing, in a network, a control manager having an authentication function based on Byzantine agreement and a verification/control function for covert channels.
Japanese Unexamined Patent Application Publication No. 2002-358226 discloses a method of safely distributing and managing file systems across a plurality of computers. Safety is ensured by duplicating and storing a directory in a plurality of computers (a Byzantine group) that form the Byzantine agreement. Load is reduced because files, although they are also duplicated and stored in a plurality of computers, are handled without using the Byzantine agreement. Further, it is possible to verify that the content of a read file is correct by duplicating and storing a digest value of the content of the file in the Byzantine group.